[Libguestfs] selinux question and answer
Richard W.M. Jones
rjones at redhat.com
Thu Aug 13 10:06:40 UTC 2009
On Thu, Aug 13, 2009 at 10:41:57AM +0100, Daniel P. Berrange wrote:
> Could you discover the neccessary/supported targets from the semanage,
>
> eg
>
> # semanage user -l
>
> Labeling MLS/ MLS/
> SELinux User Prefix MCS Level MCS Range SELinux Roles
>
> root user s0 SystemLow-SystemHigh system_r sysadm_r user_r
> system_u user s0 SystemLow-SystemHigh system_r
> user_u user s0 SystemLow-SystemHigh system_r sysadm_r user_r
This is what semanage says when run inside libguestfs:
$ ./fish/guestfish -a /dev/mapper/vg_trick-F11x64 --ro \
selinux on : \
run : \
mount /dev/vg_f11x64/lv_root / : \
sh "/usr/sbin/load_policy" : \
sh "/usr/sbin/semanage user -l"
Labeling MLS/ MLS/
SELinux User Prefix MCS Level MCS Range SELinux Roles
guest_u user s0 s0 guest_r
root user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r
staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r
sysadm_u user s0 s0-s0:c0.c1023 sysadm_r
system_u user s0 s0-s0:c0.c1023 system_r
unconfined_u user s0 s0-s0:c0.c1023 system_r unconfined_r
user_u user s0 s0 user_r
xguest_u user s0 s0 xguest_r
I guess we should wait until Dan Walsh / Eric Paris are awake and can
comment on what we *should* be doing.
Rich.
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://et.redhat.com/~rjones/libguestfs/
See what it can do: http://et.redhat.com/~rjones/libguestfs/recipes.html
More information about the Libguestfs
mailing list